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DETAILED ACTION 

• Applicant's Amendment filed 6/23/2005 is acknowledged. 

• Claims 1, 14, 27, and 40 have been cancelled, replaced with new claims 
41-44, respectively. 

• Claims 2, 4, 6-7, 9, 15, 17-20, 22, 28, 30, 33, and 35 have been amended. 

• Claims 2, 4-13, 15, 17-26, 28, 30-39, and 41-44 are pending. 

Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 1 02 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

2. Claims 2, 4, 5, 7-10, 12, 15, 17, 18, 20-23, 25, 28, 30, 31, 33-36, 38, and 
41-44 are rejected under 35 U.S.C. 103(a) as being unpatentable over Bertin et 
al. (US005687167A), hereafter Bertin, in view of Schneider et al. 
(US006785728B1), hereafter Schneider. 

- In regards to Claims 7-8, 12, 20-21, 25, 33-34, 38, and 41-44, 
Bertin discloses a method of providing access to a resource on a network. 
As illustrated in Fig. 2, Bertin shows the method implemented throughout the 
network utilizing computer software/code (claim 42 - computer program) and 
computer hardware (claim 44 - apparatus) comprising a memory and processor 
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for storing and executing the resource providing code (claim 43 - apparatus 
comprising memory and processor for storing and executing code; Col. 4, lines 
45-58). 

Referring to Fig. 1, Berlin shows a bandwidth (resource) reservation 
process that involves exchanging information (installing instructions for 
implementing a filter) on the network to reserve bandwidth on a destination path 
in the network (Fig. 1, step 103-105; Col. 13, lines 4-17; claims 41-44 -filter 
having matching criteria that limits access of the resource to a first network 
device; claims 7,20,33 - instructions installed on a device, resource comprises 
bandwidth of the device). 

Bertin discloses managing limited link bandwidth (claims 12,25,38 - limited 
number of filters that can be installed on a target device of the network) by 
preempting lower priority connections to accommodate higher priority data. 

The bandwidth reservations (instructions) are modified to change the 
amount of bandwidth available (level of access to the resource) to the transit 
nodes that establish the connection to the end node (Fig. 1 , steps 105-106; Col. 
13, lines 13-20; claims 8,21,34 - instructions are modified to change the level of 
access to the resource). 

Referring to Fig. 2, Bertin shows that the disclosed method of managing 
bandwidth resources in a network is performed for multiple nodes 201-208 that 
are interconnected by Trunks 209 of a high speed network. These nodes are 
managed through assigned addresses, such that each node can be differentiated 
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among the other nodes of the network (Col. 5, lines 48-50; claims 41-44 - 
multiple/second device requests access to the shared resource). 

Bertin does not explicitly show modifying the network access instructions 
by allowing access to the resource to any device having an address within an 
identified range of addresses based on the network addresses associated with a 
first and second network address. 

Schneider discloses a scalable access filter to control access by users in a 
network (Abstract). Schneider shows a single access filter may provide access 
to multiple users requesting access to a resource by allowing access to all 
devices within a workgroup, defined by a range of IP addresses, to which the 
multiple users belong (Figs. 2, 7-9, and 13; Col. 5, lines 15-60; Col. 23, lines 33- 
52; Col. 29, lines 12-53; claims 41-44 - modifying the network access instructions 
by allowing access to the resource to any device having an address within an 
identified range of addresses based on the network addresses associated with 
the first and second network address). 

It would have been obvious to one of ordinary skill in the art at the time of 
the invention to modify the method and apparatus of Bertin by enabling network 
resource access to multiple users having addresses within a range of addresses 
through a single filter, as shown by Schneider. This modification would reduce 
the amount of filters required in the network and would allow aggregating user 
access control into manageable workgroups, specified by an address range, in 
order to simplify the management, authentication and protection of the network 
when accessible to a large number of users. 
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- In regards to Claims 2, 15, and 28, 

Bertin discloses a method, apparatus and computer program for providing 
access to a network resource that covers all limitations of the parent claims 
above. 

Referring to Fig. 1, Bertin further shows the bandwidth reservation 
information (filter) installed on the transit and end nodes of the network. The 
information is defined as providing resource access (an action) to the node 
(device) associated with a selected path to a destination/network address 
(matching criteria; Col. 13, lines 1-17; Fig. 1, steps 102-105; claim 2,15,28 -filter 
is defined by matching criteria to identify a network address in the range of 
addresses and an action that is performed wrt the address). 

- In regards to Claims 4, 5, 17, 18, 30, and 31, 

Bertin discloses a method, apparatus and computer program for providing 
access to a network resource that covers all limitations of the parent claims 
above. 

Bertin discloses that each node in the network maintains a topology 
database that contains information about the nodes, links and bandwidth 
allocation (level of access to resources) in the network. The database is 
maintained through a topology algorithm to remain correct as links and nodes 
(with corresponding addresses) are added, deleted or change their 
characteristics (Fig. 5; Col. 8, lines 42-48; claim 4,17,30 - modifying instructions 
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comprises changing the range of addresses; claim 5,18,31 - modifying 
instructions comprises increasing the range of addresses). 

- In regards to Claims 9, 22, and 35, 

Bertin discloses a method, apparatus and computer program for providing 
access to a network resource that covers all limitations of the parent claims 
above. 

Bertin further discloses providing access to resources based on the 
priority level of data being transmitted through the network (Abstract; Col. 3, lines 
23-25; Col. 15, lines 5-7; claim 9,22,35 - filter defines the level of access to the 
resource based on a priority level of data packets being transmitted). 

- In regards to Claims 10, 23, and 36, 

Bertin discloses a method, apparatus and computer program for providing 
access to a network resource that covers all limitations of the parent claims 
above. 

Bertin further shows that modifying the bandwidth reservations 
(instructions) for data transmission of a particular priority group can be changed 
(Col. 16, lines 49-54; claim 10,23,36 - modifying instructions to change the 
amount of packets of particular priority that can be transmitted). 



Application/Control Number: 09/638,372 Page 7 

Art Unit: 2662 

3. Claims 6, 13, 19, 26, 32, and 39 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Bertin in view of Schneider as applied to claims 41 , 12, 
42, 15, 31, and 38 above, and further in view of Hedge (US006570875B1). 

- In regards to Claims 6, 13, 19, 26, 32, and 39, 

Bertin in view of Hedge discloses a method, apparatus and computer 
program for providing access to a network resource that covers all limitations of 
the parent claims above. 

Bertin does not show installing a negative filter within the range of 
addresses in order to block an address from accessing the resources. 

Hedge discloses a method, apparatus and computer program 
implementation for performing multi-protocol switching and routing. Hedge 
shows a filter (negative filter) that forbids communication between two hosts, 
ports, and/or applications (addresses) connected to a switch (Col. 6, lines 5-9; 
claims 6,13,19,26,32,39 - installing a negative filter to block an address within the 
range of addresses from accessing resources or block data from an address that 
is transmitting). 

It would have been obvious to one of ordinary skill in the art at the time of 
the invention to modify the resource access method, apparatus and program of 
Bertin by installing negative filters to block an address from accessing the 
resources of the network devices, as taught by Hedge, thereby providing a way 
of altering an existing resource filter for only certain devices without impacting the 
effect of the filter installed on other network devices in the range of addresses. 
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4. Claims 11, 24, and 37 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bertin in view of Schneider as applied to claims 9, 22, and 35 
above, and further in view of Ellesson et al. (US006459682B1), hereafter 
Ellesson. 

- In regards to Claims 11, 24, and 37, 

Bertin discloses a method, apparatus and computer program for providing 
access to a network resource that covers all limitations of the parent claims 
above. Bertin further discloses using information in the packet header of data to 
be transmitted over the network. 

Bertin does not expressly show that the priority level is defined as 
instructions in the header of data packets. 

Ellesson discloses a method, apparatus and computer program 
implementation of controlling packet traffic (providing access to resources) in an 
IP network. Ellesson discloses encoding the traffic class (priority level) into the 
headers of the data packets to be transmitted to determine their network priority 
(Abstract; claim 1 1,24,37 - priority level of the packets is defined by instructions 
in headers of the packets). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the resource access method, apparatus and program of 
Bertin by explicitly defining the priority level of data within the header of the data 
packet to be transmitted over the network, as taught by Ellesson. This 
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modification would provide priority level information for incoming data to each 
transit node without requiring the additional resources of a separate 
information/signaling channel between each transit node along the path to the 
destination address. 

Response to Arguments 

5. Applicant's arguments with respect to claims 41-44 have been considered 
but are moot in view of the new ground(s) of rejection. 

Conclusion 

6. Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. 
See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1 .136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 
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Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Gregory B. Sefcheck whose telephone 
number is 571-272-3098. The examiner can normally be reached on Monday- 
Friday, 8:00am-4:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Hassan Kizou can be reached on 571-272-3088. The fax 
phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 



free). 
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